On 5 Jan 2023, at 13:42, Ingo Klöcker wrote:
>
> GitLab keeps the verification state if a
> key is removed, but I added the updated key including the expired subkey. That
> was a bad idea because GitLab invalidated all commits signed with the expired
> subkey.
It is disappointing to see that
On Dienstag, 11. Oktober 2022 19:44:19 CET Ingo Klöcker wrote:
> I'm going to experiment with 1-year-validity of the signing subkeys of my
> commit signing key. Since I use this key exclusively for commit signing, I
> can simply replace it with a completely different key if I change my mind.
Am Donnerstag 13 Oktober 2022 15:42:04 schrieb Teemu Likonen:
> * 2022-10-11 17:23:49+0200, nect via Gnupg-users wrote:
> > Since I was struggling to choose a strategy for expiring/renewing my
> > subkeys [...]
>
> We should ask why do you want to expire (and rotate) your subkeys?
For encryption
On Donnerstag, 13. Oktober 2022 11:39:41 CEST nect via Gnupg-users wrote:
> > Since I use this key exclusively for commit signing, I can
> > simply replace it with a completely different key if I change my mind.
>
> About this, how do you deal-or plan of dealing- with past commits signed
> with a
* 2022-10-11 17:23:49+0200, nect via Gnupg-users wrote:
> Since I was struggling to choose a strategy for expiring/renewing my
> subkeys [...]
We should ask why do you want to expire (and rotate) your subkeys? Maybe
you have good reasons but I'll remind of the basic question: why not use
the
Hello Ingo,
Thank you for your reply.
>You will still have to upload the updated key to every website you use.
So,
> you don't gain much if anything with this approach.
You are totally right, I didn't think of that.
In any case, this begs the question: is it better (best practice if you
want)
On Dienstag, 11. Oktober 2022 17:23:49 CEST nect via Gnupg-users wrote:
> I started using gpg relatively recently (1 year or so), mainly for
> signing git commits, and I am far from mastering it.
>
> Since I was struggling to choose a strategy for expiring/renewing my
> subkeys (more details
Hello,
I started using gpg relatively recently (1 year or so), mainly for
signing git commits, and I am far from mastering it.
Since I was struggling to choose a strategy for expiring/renewing my
subkeys (more details below) I decided to seek expert advice (hopefully
this is the right place).